At 9:51 AM +0100 4/16/03, BHR Hana wrote:
>>Hi all,
>I have installed snort-1.9.1 and I have to analyse SPADE, I notice
>that snort involves a spade distribution [under
>~/snort-v/contrib/Spade-092200.1] Thus I have downloaded
>Spade-030125.1 from silicondefense,
>Could any one tell me which distribution may I run with snort??
That is indeed confusing for users. Version 092200.1, as you may
have guessed, is a much older version. In fact, it doesn't work with
Snort 1.9 and later (at a minimum, the install procedure won't work
due to the Snort package being restructured). You should use version
030125.1. I have asked for the version of Spade included in
"contrib" to be updated at least once in the past, but those with the
power to make this fix did not do so.
>Also, could you help me to configure spade to adjust its threshold?
As described in the Usage.Spade file, you can set Spade's threshold
by adding "thesh=<thresh>" to your spade-detect lines. If for some
reason you wanted to have the threshold automatically adjusted, see
the section of Usage.Spade that describes spade-adapt3.
Best regards,
Jim
--
|* Jim Hoagland, Associate Researcher, Silicon Defense *|
|* --- Silicon Defense: The Cyberwar Defense Company --- *|
|* jim at ...47..., http://www.silicondefense.com/ *|
|* Voice: (530) 756-7317 Fax: (530) 756-7297 *|